package controller

import (
	"encoding/base64"
	"net/http"
	"time"

	"gitee.com/huangxinbo/xcas/internal/app/base"
	"gitee.com/huangxinbo/xcas/internal/constants"
	"gitee.com/huangxinbo/xcas/internal/model"
	"gitee.com/huangxinbo/xcas/internal/model/db_model"
	"gitee.com/huangxinbo/xcas/internal/service"
	"gitee.com/huangxinbo/xcas/pkg"
	"gitee.com/huangxinbo/xcas/pkg/base64_captcha"
	"gitee.com/huangxinbo/xcas/pkg/gin_extend"
	"gitee.com/huangxinbo/xcas/pkg/jwt"
	"gitee.com/huangxinbo/xcas/pkg/response"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	"go.uber.org/zap"
)

type CasController struct {
	base    *base.Base
	captcha *base64_captcha.Captcha
	service *service.Service
}

func NewCasController(base *base.Base, service *service.Service) *CasController {
	captcha := base64_captcha.NewCaptcha(base.Logger, base.RedisClient)
	return &CasController{
		base:    base,
		captcha: captcha,
		service: service,
	}
}

func (c *CasController) RegisterRoutes(router *gin.Engine) {
	userGroup := router.Group("/api/cas")
	{
		userGroup.POST("/login", c.Login)
		userGroup.POST("/register", c.Register)
		userGroup.POST("/register/verify", c.VerifyRegister)
		userGroup.POST("/forgot", c.ForgotPassword)
		userGroup.POST("/forgot/verify", c.VerifyForgotPassword)
		userGroup.POST("/service-validate", c.ServiceValidate)
		userGroup.GET("/st", c.GetSTByTGT)
		userGroup.GET("/logout", c.Logout)
	}
}

// Sign up
//
//	@Summary		Sign up
//	@Description	Account sign up
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.RegisterRequest	true	"register params"
//	@Success		200		{object}	model.Response			"Account sign up"
//	@Router			/api/cas/register [post]
func (c *CasController) Register(ctx *gin.Context) {
	var req model.RegisterRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 验证验证码
	valid := c.captcha.VerifyCaptcha(req.CaptchaId, req.Captcha)
	if !valid {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid captcha"), nil)
		return
	}

	// 2. 检查邮箱是否已注册
	existingUser, err := c.service.UserService.GetUserByEmail(ctx, req.Email)
	if err != nil {
		c.base.Logger.Error("Failed to check existing user", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if existingUser != nil {
		// 用户已存在
		if existingUser.VerifiedAt != nil {
			// 邮箱已认证
			response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Email already registered and verified"), nil)
			return
		} else {
			// 邮箱未认证，重新发送验证邮件
			_, err := c.service.VerificationService.CreateRegisterVerification(ctx, req.Email, db_model.VerificationTypeRegister)
			if err != nil {
				c.base.Logger.Error("Failed to create verification", zap.Error(err))
				response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to send verification email"), nil)
				return
			}
			response.Success[any](ctx, c.base.I18n.T("Verification email sent, please check your email"), nil)
			return
		}
	} else {
		// 新用户注册
		// 创建用户（未验证状态）
		userCreateReq := &model.UserCreateRequest{
			Name:     req.Email, // 使用邮箱作为默认用户名
			Email:    req.Email,
			Password: "", // 注册时不需要密码，等待邮箱验证后设置
		}

		user, err := c.service.UserService.CreateUser(ctx, userCreateReq)
		if err != nil {
			c.base.Logger.Error("Failed to create user", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to create user"), nil)
			return
		}

		// 创建验证记录并发送邮件
		_, err = c.service.VerificationService.CreateRegisterVerification(ctx, req.Email, db_model.VerificationTypeRegister)
		if err != nil {
			c.base.Logger.Error("Failed to create verification", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to send verification email"), nil)
			return
		}

		c.base.Logger.Info("User registered successfully, verification email sent",
			zap.String("email", req.Email),
			zap.String("user_id", user.ID))
		response.Success[any](ctx, c.base.I18n.T("Registration successful, please check your email for verification"), nil)
	}
}

// Verify register
//
//	@Summary		Verify register
//	@Description	Verify user registration with token and update user info
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.VerifyRegisterRequest	true	"verify register params"
//	@Success		200		{object}	model.Response				"Register verification successful"
//	@Router			/api/cas/register/verify [post]
func (c *CasController) VerifyRegister(ctx *gin.Context) {
	var req model.VerifyRegisterRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 检查邮箱是否已经验证过
	existingUser, err := c.service.UserService.GetUserByEmail(ctx, req.Email)
	if err != nil {
		c.base.Logger.Error("Failed to check existing user", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if existingUser != nil && existingUser.VerifiedAt != nil {
		// 邮箱已经验证过，无需再次验证
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Email already verified, no need to verify again"), nil)
		return
	}

	// 2. 验证验证码
	valid := c.captcha.VerifyCaptcha(req.CaptchaId, req.Captcha)
	if !valid {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid captcha"), nil)
		return
	}

	// 3. 验证 token 是否存在于 verification 表，并判断是否过期
	isValid, err := c.service.VerificationService.VerifyToken(ctx, req.Email, req.Token, db_model.VerificationTypeRegister)
	if err != nil {
		c.base.Logger.Error("Failed to verify token", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if !isValid {
		// 令牌无效或过期，重新发送验证邮件
		_, err := c.service.VerificationService.CreateRegisterVerification(ctx, req.Email, db_model.VerificationTypeRegister)
		if err != nil {
			c.base.Logger.Error("Failed to resend verification email", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to resend verification email"), nil)
			return
		}

		c.base.Logger.Info("Verification token expired, resend verification email",
			zap.String("email", req.Email))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Verification token expired, new verification email has been sent"), nil)
		return
	}

	// 4. 对 base64 编码的密码进行解码
	decodedPassword, err := base64.StdEncoding.DecodeString(req.Password)
	if err != nil {
		c.base.Logger.Error("Failed to decode base64 password", zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid password format"), nil)
		return
	}

	// 5. 更新用户表（name, password）
	err = c.service.UserService.UpdateUserAfterVerification(ctx, req.Email, req.Name, string(decodedPassword))
	if err != nil {
		c.base.Logger.Error("Failed to update user after verification", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to complete registration"), nil)
		return
	}

	c.base.Logger.Info("User registration verified and updated successfully",
		zap.String("email", req.Email),
		zap.String("name", req.Name))
	response.Success[any](ctx, c.base.I18n.T("Registration completed successfully"), nil)
}

// Sign in
//
//	@Summary		Sign in
//	@Description	Account sign in
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.LoginRequest	true	"login params"
//	@Success		200		{object}	model.LoginResponse	"Account sign in"
//	@Router			/api/cas/login [post]
func (c *CasController) Login(ctx *gin.Context) {
	var req model.LoginRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		c.base.Logger.Error("Invalid parameters", zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 验证验证码
	valid := c.captcha.VerifyCaptcha(req.CaptchaId, req.Captcha)
	if !valid {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid captcha"), nil)
		return
	}

	// 2. 验证用户凭据
	user, err := c.service.UserService.GetUserByEmail(ctx, req.Email)
	if err != nil {
		c.base.Logger.Error("Failed to get user by email", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if user == nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("User not found"), nil)
		return
	}

	// 3. 验证邮箱是否已认证
	if user.VerifiedAt == nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Email not verified, please verify your email first"), nil)
		return
	}

	// 4. 验证密码
	decodedPassword, err := base64.StdEncoding.DecodeString(req.Password)
	if err != nil {
		c.base.Logger.Error("Failed to decode base64 password", zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid password format"), nil)
		return
	}

	isValidPassword := c.service.UserService.VerifyPassword(user.Password, string(decodedPassword))
	if !isValidPassword {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid password"), nil)
		return
	}

	// 5. 创建TGT
	userUUID, err := uuid.Parse(user.ID)
	if err != nil {
		c.base.Logger.Error("Failed to parse user ID as UUID", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	tgt, err := c.service.CasService.CreateTGT(ctx, userUUID, req.Remember)
	if err != nil {
		c.base.Logger.Error("Failed to create TGT", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to create login session"), nil)
		return
	}

	// 6. 如果提供了service，创建ST
	var st *db_model.CasTicket
	service := req.Service
	if service == "" {
		url, err := pkg.GetBaseURL(gin_extend.GetCallerPageURL(ctx))
		if err != nil {
			c.base.Logger.Error("Failed get base url", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Login fail"), nil)
			return
		}
		service = url + "/cas/profile"
	}
	if service != "" {
		st, err = c.service.CasService.CreateST(ctx, tgt.ID, service)
		if err != nil {
			c.base.Logger.Error("Failed to create ST", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to create service ticket"), nil)
			return
		}
	}

	// 7. 设置TGC Cookie (Ticket Granting Cookie)
	ctx.SetCookie(constants.TGC, tgt.ID, int(time.Until(tgt.ExpiredAt).Seconds()), "/", "", true, true)

	// 8. 返回响应
	responseData := model.LoginResponseData{}
	if st != nil {
		responseData.Ticket = st.ID
	}

	response.Success(ctx, c.base.I18n.T("Login successful"), responseData)
}

// Get ST
//
//	@Summary		Get ST
//	@Description	Get ST by TGT
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Success		200	{object}	model.LoginResponse	"Account sign in"
//	@Router			/api/cas/st [get]
func (c *CasController) GetSTByTGT(ctx *gin.Context) {
	// 1. 从cookie中获取TGC
	tgc, err := ctx.Cookie(constants.TGC)
	if err != nil {
		response.Error[any](ctx, response.SUCCESS, c.base.I18n.T("TGC not found"), nil)
		return
	}

	if tgc == "" {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("TGC is empty"), nil)
		return
	}

	// 2. 验证TGT是否存在且未过期
	tgt, err := c.service.CasService.GetTGTByID(ctx, tgc)
	if err != nil {
		c.base.Logger.Error("Failed to get TGT", zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid TGT"), nil)
		return
	}

	if tgt == nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("TGT not found"), nil)
		return
	}

	// 3. 检查TGT是否因闲置时间过期
	if time.Now().After(tgt.ExpiredAt) {
		// TGT已过期，删除TGT
		err = c.service.CasService.DeleteTGT(ctx, tgc)
		if err != nil {
			c.base.Logger.Error("Failed to delete expired TGT", zap.Error(err))
		}
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("TGT expired"), nil)
		return
	}

	// 3. 获取service参数
	service := ctx.Query("service")
	if service == "" {
		url, err := pkg.GetBaseURL(gin_extend.GetCallerPageURL(ctx))
		if err != nil {
			c.base.Logger.Error("Failed get base url", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to get service URL"), nil)
			return
		}
		service = url + "/cas/profile"
	}

	// 4. 创建ST
	st, err := c.service.CasService.CreateST(ctx, tgc, service)
	if err != nil {
		c.base.Logger.Error("Failed to create ST", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to create service ticket"), nil)
		return
	}

	// 5. 更新TGT相关Redis键的过期时间
	err = c.service.CasService.UpdateTGTExpiration(ctx, tgc, tgt.ExpiredAt)
	if err != nil {
		c.base.Logger.Error("Failed to update TGT expiration", zap.Error(err))
		// 即使更新失败，也返回ST，但记录错误
	}

	// 6. 更新TGC cookie的过期时间
	ctx.SetSameSite(http.SameSiteLaxMode)
	ctx.SetCookie(constants.TGC, tgc, int(time.Until(tgt.ExpiredAt).Seconds()), "/", "", true, true)

	// 7. 返回ST
	responseData := model.LoginResponseData{
		Ticket: st.ID,
	}

	c.base.Logger.Info("ST created successfully via TGC",
		zap.String("tgc", tgc),
		zap.String("st", st.ID),
		zap.String("service", service))

	response.Success(ctx, c.base.I18n.T("Service ticket created successfully"), responseData)
}

// Service validate
//
//	@Summary		Service validate
//	@Description	Validate service ticket and return user information
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.ServiceValidateRequest	true	"service validate params"
//	@Success		200		{object}	model.ServiceValidateResponse	"Service validation successful"
//	@Router			/api/cas/service-validate [post]
func (c *CasController) ServiceValidate(ctx *gin.Context) {
	var req model.ServiceValidateRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 验证服务票证
	st, err := c.service.CasService.ValidateST(ctx, req.Ticket, req.Service)
	if err != nil {
		c.base.Logger.Error("Failed to validate service ticket",
			zap.String("ticket", req.Ticket),
			zap.String("service", req.Service),
			zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid service ticket"), nil)
		return
	}

	// 3. 获取用户信息
	user, err := c.service.UserService.GetUser(ctx, st.PrincipalID.String())
	if err != nil {
		c.base.Logger.Error("Failed to get user information",
			zap.String("user_id", st.PrincipalID.String()),
			zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to get user information"), nil)
		return
	}

	// 4. 生成 JWT 访问令牌
	jwt := jwt.NewJWT(c.base.Config)
	accessToken, tokenExpire, err := jwt.GenerateToken(ctx, user)
	if err != nil {
		c.base.Logger.Error("Failed to generate JWT token",
			zap.String("user_id", st.PrincipalID.String()),
			zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to generate access token"), nil)
		return
	}

	// accessToken 写入 cookie
	ctx.SetSameSite(http.SameSiteLaxMode)
	ctx.SetCookie(constants.TOKEN, accessToken, int(time.Until(tokenExpire).Seconds()), "/", "", false, false)

	// 4. 返回响应
	responseData := model.ServiceValidateResponseData{
		Token:  accessToken,
		Expire: tokenExpire.Unix(),
		User: model.ServiceValidateResponseDataUser{
			Name:   user.Name,
			Email:  user.Email,
			Image:  pkg.GetStringValue(user.Image),
			Region: pkg.GetStringValue(user.Region),
			Role:   user.Role,
		},
	}

	response.Success(ctx, c.base.I18n.T("Service validation successful"), responseData)
}

// Logout
//
//	@Summary		Logout
//	@Description	User logout
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Success		200	{object}	model.Response	"Logout successful"
//	@Router			/api/cas/logout [get]
func (c *CasController) Logout(ctx *gin.Context) {
	// 1. 从cookie中获取TGC
	tgc, err := ctx.Cookie(constants.TGC)
	if err != nil {
		// 如果没有TGC cookie，直接返回成功
		c.base.Logger.Info("No TGC cookie found, logout completed")
		response.Success[any](ctx, c.base.I18n.T("Logout successful"), nil)
		return
	}

	if tgc == "" {
		// TGC为空，直接返回成功
		c.base.Logger.Info("TGC is empty, logout completed")
		response.Success[any](ctx, c.base.I18n.T("Logout successful"), nil)
		return
	}

	// 2. 删除TGT及相关数据
	err = c.service.CasService.DeleteTGT(ctx, tgc)
	if err != nil {
		c.base.Logger.Error("Failed to delete TGT during logout",
			zap.String("tgc", tgc),
			zap.Error(err))
		// 即使删除失败，也继续执行，因为可能是TGT已经过期
	}

	// 3. 清除TGC Cookie
	ctx.SetCookie(constants.TGC, "", -1, "/", "", true, true)

	// 4. 清除访问令牌Cookie（如果存在）
	ctx.SetCookie(constants.TOKEN, "", -1, "/", "", false, false)

	c.base.Logger.Info("User logout completed successfully",
		zap.String("tgc", tgc))

	response.Success[any](ctx, c.base.I18n.T("Logout successful"), nil)
}

// Forgot password
//
//	@Summary		Forgot password
//	@Description	Send forgot password verification email
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.ForgotPasswordRequest	true	"forgot password params"
//	@Success		200		{object}	model.Response				"Forgot password verification email sent"
//	@Router			/api/cas/forgot [post]
func (c *CasController) ForgotPassword(ctx *gin.Context) {
	var req model.ForgotPasswordRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 验证验证码
	valid := c.captcha.VerifyCaptcha(req.CaptchaId, req.Captcha)
	if !valid {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid captcha"), nil)
		return
	}

	// 2. 检查邮箱是否存在且已验证
	existingUser, err := c.service.UserService.GetUserByEmail(ctx, req.Email)
	if err != nil {
		c.base.Logger.Error("Failed to check existing user", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if existingUser == nil {
		// 用户不存在，但为了安全考虑，仍然返回成功消息
		c.base.Logger.Info("Forgot password request for non-existent email",
			zap.String("email", req.Email))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("If the email exists, a verification email has been sent"), nil)
		return
	}

	// 检查用户是否已验证邮箱
	if existingUser.VerifiedAt == nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Email not verified, please verify your email first"), nil)
		return
	}

	// 3. 创建忘记密码验证记录并发送邮件
	_, err = c.service.VerificationService.CreateForgotPasswordVerification(ctx, req.Email)
	if err != nil {
		c.base.Logger.Error("Failed to create forgot password verification", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to send verification email"), nil)
		return
	}

	c.base.Logger.Info("Forgot password verification email sent",
		zap.String("email", req.Email))
	response.Success[any](ctx, c.base.I18n.T("Verification email sent, please check your email"), nil)
}

// Verify forgot password
//
//	@Summary		Verify forgot password
//	@Description	Verify forgot password token and reset password
//	@Tags			cas
//	@Accept			json
//	@Produce		json
//	@Param			request	body		model.VerifyForgotPasswordRequest	true	"verify forgot password params"
//	@Success		200		{object}	model.Response						"Password reset successful"
//	@Router			/api/cas/forgot/verify [post]
func (c *CasController) VerifyForgotPassword(ctx *gin.Context) {
	var req model.VerifyForgotPasswordRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid parameters"), nil)
		return
	}

	// 1. 验证验证码
	valid := c.captcha.VerifyCaptcha(req.CaptchaId, req.Captcha)
	if !valid {
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid captcha"), nil)
		return
	}

	// 2. 验证 token 是否存在于 verification 表，并判断是否过期
	isValid, err := c.service.VerificationService.VerifyToken(ctx, req.Email, req.Token, db_model.VerificationTypeForgot)
	if err != nil {
		c.base.Logger.Error("Failed to verify token", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Internal server error"), nil)
		return
	}

	if !isValid {
		// 令牌无效或过期，重新发送验证邮件
		_, err := c.service.VerificationService.CreateForgotPasswordVerification(ctx, req.Email)
		if err != nil {
			c.base.Logger.Error("Failed to resend verification email", zap.Error(err))
			response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to resend verification email"), nil)
			return
		}

		c.base.Logger.Info("Forgot password verification token expired, resend verification email",
			zap.String("email", req.Email))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Verification token expired, new verification email has been sent"), nil)
		return
	}

	// 3. 对 base64 编码的密码进行解码
	decodedPassword, err := base64.StdEncoding.DecodeString(req.Password)
	if err != nil {
		c.base.Logger.Error("Failed to decode base64 password", zap.Error(err))
		response.Error[any](ctx, response.INVALID_PARAMS, c.base.I18n.T("Invalid password format"), nil)
		return
	}

	// 4. 重置用户密码
	err = c.service.UserService.ResetPassword(ctx, req.Email, string(decodedPassword))
	if err != nil {
		c.base.Logger.Error("Failed to reset password", zap.Error(err))
		response.Error[any](ctx, response.ERROR, c.base.I18n.T("Failed to reset password"), nil)
		return
	}

	c.base.Logger.Info("Password reset successfully",
		zap.String("email", req.Email))
	response.Success[any](ctx, c.base.I18n.T("Password reset successfully"), nil)
}
